Increasingly, in the computing world, functionality is distributed. Such distribution is achieved through the separation of the functionality or data (collectively resources), and the physical or logical decoupling of such resources. In order to accomplish certain tasks or applications, multiple resources may be needed. Thus, communications between various components may be required when implementing that functionality.
To illustrate, to accomplish functionality associated with, for example, an application on a mobile device, the application may communicate with one or more service providers that may be deployed at a remote location, such as on servers or in the cloud. These service providers may, in turn, contact content servers or database servers to obtain needed data, etc.
As another example, a cloud based service may have many components to facilitate, for example, deployability or scaling, where each component may be configured to accomplish different functionality of the service such that a central coordinating service component may need to communicate with these components in order to accomplish a task for the cloud based service.
As can be imagined, these types of architectures present certain difficulties. Some of the most concerning of these difficulties have to do with integration and security. In many cases, the resources that are needed (e.g., by a service) may reside in different domains comprised of an internetworked set of computers or applications associated with a particular entity, address, etc. However, entities that operate these domains restrict the access of a requestor to a resource within their domain if the requestor has not been authenticated within that domain. In other words, access to resources within a domain may be restricted to known or authenticated users of the domain.
While it may be prudent from the point of view of domain security, restricting access to resources of the domain to known users of that domain serves as a major impediment to proper functioning and communication between distributed resources. This situation exists mainly because, in many cases, a requestor (e.g., service or the like) may be required to communicate with a number of distinct domains and access a number of different resources to accomplish a particular task, and may even have to utilize different resources to accomplish different instances of the same task. A requestor may, however, not always be a known user of the domain where a desired resource resides.
In certain cases, then, integration between components (e.g., applications, data, etc.) has been provided by delivering components from remote service providers or the like and having these components execute on the recipient machine. This delivery is accomplished, in many instances, through a browser. For example, separately, or in conjunction with a web page accessed by the user, a component may be delivered through a user's browser and executed in conjunction with that browser on the user's device. While this serves to provide certain functionality, this method still limits the level or amount of functionality or access that can be utilized by that component, as these browser based (or other networked delivered) components are usually restricted in some manner (sometimes severely) because of security concerns.
Accordingly, what is needed are systems and methods which allow components, including browser based components, to be effectively integrated with a domain in a manner that allows these components a wide range of access to the functionality of that domain while maintaining a desired level of security.